I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

Download Presentation

PowerPoint Slideshow about 'Red Flag Rules' - adamdaniel

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

If you are the victim of identity theft, FACTA gives you the right to contact a credit reporting agency to flag your account. To place a fraud alert, you must provide proof of your identity to the credit bureau.

The fraud alert is initially effective for 90 days, but may be extended at your request for seven years when you provide a police report to the credit bureaus that indicates you are a victim of identity theft.

FACTA creates a new kind of alert, an active duty alert, that allows active duty military personnel to place a notation on their credit report as a way to alert potential creditors to possible fraud.

While on duty outside the country, military members are particularly vulnerable to identity theft and lack the means to monitor credit activity.

An active duty alert is maintained in the file for at least 12 months.

If a fraud alert or active duty alert is placed on your credit report, any business that is asked to extend credit to you must contact you at a telephone number you provide or take other "reasonable steps" to see that the credit application was not made by an identity thief.

FACTA gives you the right to a free copy of your credit report when you place a fraud alert. With the extended alert (seven years), you are entitled to two free copies of your report during the 12-month period after you place the alert.

In adopting FACTA, Congress recognized that consumers are helpless to prevent identity theft if businesses ignore the events that signal a potential fraud.

Thus, FACTA incorporates several provisions that require financial institutions, creditors, and other businesses that rely on consumer reports to detect and resolve fraud by identity theft.

Consumer advocates have long pointed out that consumers can only go so far in protecting against identity theft, and that much of the problem lies with lax procedures of credit issuers and other companies that use information from credit reports.

A climate of easy credit has made some creditors far too willing to accept a change of address, a request for a replacement credit card, or reactivation of a dormant account.

Pursuant to regulations promulgated by the Federal Trade Commission and other federal agencies, financial institutions and creditors will be required to create an Identity Theft Prevention Program to detect, prevent, and mitigate identity theft with respect to the opening of certain accounts or certain existing accounts.

These regulations, often called the Red Flag Rules, became effective January 1, 2008, and mandatory compliance is required by November 1, 2008.

Financial institutions and creditors will be required to create an identity theft prevention program by Nov. 1, 2008, under the Red Flag Rules created by a group of federal regulatory agencies, including the Federal Trade Commission, to protect consumers and businesses from the threat of identity theft.

Although the Federal Trade Commission announced in October 2008 that it will delay enforcement of the regulations for qualifying entities until May 1, 2009, it is important for financial institutions and creditors to learn not only what is considered a red flag, but also the elements that should be put in place to create an identity theft prevention program.

The purpose of an identity theft prevention program is to detect, prevent and mitigate identity theft linked to the opening and maintaining of certain covered accounts.

The Fair Credit Reporting Act (FCRA) defines a covered account as one created for personal, family or household purposes that allows multiple payments, or for which there is a reasonable, foreseeable risk of identity theft occurring.

The term “credit” is defined as “the right granted by a creditor to a debtor to defer payment of debt or to incur debts and defer its payment or to purchase property or services and defer payment therefore.”

The FTC has stated that while accepting credit cards as a method of payment does not make the accepting entity a creditor, businesses such as finance companies, automobile dealers, utility companies, and telecommunication companies are creditors. Even non-profit and government entities who defer payment of goods and services are considered creditors

It is therefore assumed that a hospital that allows for payment of services rendered to be deferred or paid on a payment plan would fit into the definition of a “creditor”

Because the definition of a covered account is extremely broad, any financial institution or creditor that reasonably foresees problems arising from identity theft should be prepared to create a written Program.

The program itself should be tailored to fit the size of the financial institution and the complexity/nature of the operation. In essence, the program should have reasonable policies and procedures in place to:

Identify and incorporate red flags into the program.

Detect red flags.

Respond appropriately to any detected red flags.

Ensure periodic review and updating.

If your organization already has a program in place, you can incorporate the existing program into the new identity theft prevention program.

A red flag is a pattern, practice or specific activity that indicates a warning of possible identity theft. The categories include:

Alerts or notifications— 1. When a fraud or active duty alert is included with a consumer report. 2. A credit reporting agency provides notice of a credit freeze. 3. A credit reporting agency provides notice of an address discrepancy. 4. The consumer report indicates an unusual pattern of activity such as an unusual number of recently established credit relationships.

Suspicious personal identifying information on an application.

Unusual use of a covered account.

Notice is received of possible identity theft occurring in connection with covered accounts.

1. Identify any specific activity, pattern, or practice indicating a possible existence of identity theft. Otherwise known as the Red Flags, the entity should consider four factors in determining what Red Flags it should incorporate into its Program:

What types of covered accounts does the entity maintain or provide?

What methods does the entity use in maintaining or providing covered accounts?

The Program must have sufficient policies and procedures addressing the detection of those incorporated Red Flags.

The guidelines provide two examples of such policies and procedures.

First, acquiring identifying information about a person opening a covered account and verifying his or her identity.

Second, identifying, monitoring, and verifying the validity of change of address requests for existing covered accounts.

3. Respond Appropriately to Any Red Flags Detected

Once a Red Flag has been detected, the Program must define how the entity will respond.

In responding to a Red Flag, the entity should determine whether the Red Flag detected a risk of identity theft and must have a reasonable basis to conclude there is no evidence of risk of identity theft.

The Program must be reviewed and updated periodically, and any updates should reflect changes in risks to customers and the entity from identify theft.

This review not only includes considering changes in identity theft methods as well as the accounts the entity offers or maintains, but it also requires consideration of changes in business arrangements of the entity.

One way to look for red flags is to pay close attention to the documents associated with accounts.

Documents that may be considered warning signs of identity theft, or red flags, include those that appear to have been altered or forged, or that have information that is inconsistent with the information provided by the person opening the account.

It might also be a red flag if the signature on an application looks like it was traced or was rewritten after being crossed out.

Practice Point: If the application looks like it was piecemealed together, that's something that would be a red flag or a trigger that possible identity theft has occurred

The rules do not require creditors and financial institutions provide all red flags included in the guidance, but such entities are required to consider the guidance and include those red flags in their program as appropriate.

If an account holder requests a new bank card, attempts to take out a lot of cash advances or requests a new authorized user shortly after an address change, it might be an indication that someone intends to commit fraud or identity theft.

In that scenario, the financial institution that extended the credit should have steps in place to verify the information with the customer.

In addition, it might be a red flag if a consumer comes into a hospital to obtain services and cannot provide information about him or herself beyond a driver's license, such as a mother's maiden name, an address, date of birth or what high school he or she attended.

The guidance suggests red flags can be detected in at least one of two ways:

By obtaining identifying information about a person opening an account.

By verifying the validity of any changes made to the account.

The way in which a creditor or financial institution responds to a red flag alert or notification should correspond to the type of threat it detected.

First and foremost, the entity should determine whether the red flag that was discovered poses a risk of identity theft and, if so, it should respond based on the degree of risk associated with the red flag.

Practice Point: The guidelines don't specify how often an identity theft prevention program should be updated, but it should be done periodically.

Practice Point: An organization should review its previous experience with identity theft and methods of mitigating the risk of identity theft to determine the extent of the program.

Although there is no private cause of action for not having an identity theft prevention program in place, financial institutions could be subject to fees imposed by the Federal Trade Commission for not implementing a program.

Practice Point: Properly training staff members who handle account information about your individual identity theft prevention program will help prevent identity theft and ensure the program works effectively.

Practice Point: Have adequate “checks and balances” or appropriate oversight within your organization

HCRA is a major component of New York State's Health Care financing laws which governs hospital reimbursement methodologies and targets funding for a multitude of health care initiatives. The law also requires that certain third-party payors and providers of health care services participate in the funding of these initiatives through the submission of authorized surcharges and assessments.

The New York State HCRA set forth in Public Health Law § 2807-c and related provisions establish the requirement that no-fault insurers and self-insurers pay a surcharge on payments made for services rendered in general hospitals, diagnostic and treatment centers, and freestanding clinical laboratories to the Public Goods Pool.

Under HCRA, payors for select health care services in New York, including self-funded plans, are required to pay surcharges on select fee-for-service and capitated medical claims and monthly assessments on plan members residing in New York.

These surcharges and assessments are used by the state to pay for indigent care, graduate medical education, and other health-related initiatives.

Under HCRA, self-funded plans incur a public goods surcharge on all inpatient and outpatient hospital care, clinical lab services and services rendered at ambulatory surgery, diagnostic and treatment centers.

Included in the services subject to the surcharge payments are behavioral care/substance abuse treatments rendered at a designed New York provider facility.

Where contractual relationships between beneficiaries and payors require a fixed dollar patient copayment or deductible only, the beneficiary's fixed dollar liability will not increase as a result of the application of the HCRA surcharges.